NIST, HiTrust and HIPAA all require the ability to withstand business interruptions, planned or unplanned. This includes denial-of-service attacks, hurricanes, fires, floods, sabotage, cyberattacks and more. NIST 800-34 Contingency Planning for Federal Information Systems lays it out like this for the federal sector, which translates to any business in the government of private sector. The goal is to ensure that organizations have their EPHI available when it is needed. The HHS.gov disaster recovery plan implementation specification requires covered entities to: Establish (and implement as needed) procedures to restore any loss of data”]